My review on the GCIH Course - @ a SANS Conference



Post Sun Jul 29, 2007 7:37 am

The Course : http://www.sans.org/training/descriptio ... 8e7ec797d3

Quick background - I come from a network background and spend a good deal of time hardening and protecting systems from their users and sometimes bad guys.
I wouldn't rate my attacker skills past a very limited script kiddie on a good day. :-)
The companies I've worked for engaged pen testers to find the holes, then I work with them to understand and fix those holes.

I had the chance to attend a SANS conference as a volunteer, http://www.sans.org/training/volunteer.php - so jumped at the opportunity to see life from the other side of the fence.

I won't go into what happens as one of the volunteers; it’s great fun but long hours!

The course is 6 days in length. Five days of labs and lectures followed by day six, the hacking challenge (more on this later). Starting at 9am and finishing around 5pm, with breaks and lunch.

The class was just under 30 people of all backgrounds. We had military, government, education, law enforcement, a number of Fortune 500 and a mix of random folks. Ages ranged from early 20's up to people who'd worked with VAX systems when they were new and shiny - obviously in their late 100's :-)

We got a book for each day, a couple of cheat sheets and a CD containing a VMware image of a pre-built Linux system, loaded with tools for the coming practicals.

Our instructor was Mike Poor, a good friend of, and works with, Ed Skoudis, the course author. I'd been in Mike's phenomenal Intrusion detection SANS class the year before, so knew I was in for a crammed 6 days. He covers not only the course work, but real world events he actually worked on and interacts with the class to get the best of their experiences too.
Mike loves to run demos, so you spend a great deal of the time watching him perform the slides, rather than talk through them. I found watching someone else go through the process first made it easier to attempt it later on myself.

The first day is all about the basics of incident handling. Making sure you have the backing plans, knowledge and tools ready to deal with incidents in the IT field. It's the “talked at” day as it covers a wide breadth of information ranging from dealing with the law to what you should have in your incident response bat utility belt.
I could see a number of the class twitching to get on to the “good stuff” but I like having a plan before playing with fire. It saves getting burnt too badly. The evening held an intro to VMware and Linux for us poor unenlightened Windows types.

Days two to five plunged into hacking tools and techniques and kept going. From the seemingly shallow water of Google hacking and Netcat, into the colourful Windows exploits, Linux privilege escalation, versatile Metasploit, crashing in the murky deeps of buffer overflows and Format String Attacks.
Mike used the books as a reference point, but took us off exploring and experimenting with the tools against our own systems and with the Linux system VMware image.

Despite the different skill sets, backgrounds and knowledge, everyone in the class managed to keep up and get to the end of day five in almost one piece mentally.

Day six is THE day where you get to throw everything you’ve learnt at a special network. The class was broken into small teams and given the permission to attack it! You can use all the tools, tricks and cheats at your disposal in any effort to be the first team to crack all the arrayed systems.
It’s a pretty crazy day, with all sorts of hacking madness and the odd practical joke on a rival team.

I hugely enjoyed the six days, felt I learnt a lot and met some great people. The knowledge acquired makes me a better defender as I can see how the other side may come at me.
I still wouldn’t class myself as a skilled attacker, but could be mildly dangerous if backed into a corner ;-)

* SANS is a known, respected security educator
* Six solid days of focused learning, being taught by someone with a passion for the subject and plenty of real world experience to boot
* The instructor - All the SANS instructors are very approachable, down to earth and really know their stuff.
* The classmates – It’s great to meet peers, swap stories and hangout with like minded people. I picked up some great tips and ideas from
* Plenty of tools –
  Lots of books, one for each day – The books are full of walkthrough exercises, so easy to review during and after the event.
  CD with the Linux image loaded full of tools to provide a safe test zone,
  MP3 files of the six days to help retain the information.
* Day Six – a world of pain and mayhem :D
* The exam is getting more solid recognition from employers in the security fields

* Cost – it’s a big bunch of money, plus travel and accommodation
* Six days doesn’t seem long enough to learn that much information
* Taking the exam is extra expense


Post Mon Jul 30, 2007 4:23 pm

Re: My review on the GCIH Course - @ a SANS Conference

Wow, this is great input. Thanks for all that.  :)

There are 10 kinds of people, those that understand binary, and those that don't.


Post Mon Aug 06, 2007 4:10 pm

Re: My review on the GCIH Course - @ a SANS Conference

Yes, very nice write up.


Post Mon Aug 06, 2007 4:32 pm

Re: My review on the GCIH Course - @ a SANS Conference

Yeah, I almost had mine done and the lappy died. One of these days...
